Cisco has advanced its intent-based networking gear so that it can now verify that networks are actually running according to the intentions set by admins and can help find and resolve network problems faster on both wired and wireless networks.

The company says this is a new phase in the evolution of its IBN in which it is addressing assurance – the ability to assess whether the policies that intentions have been translated into, and that have been orchestrated throughout the network by configuring individual devices, are carrying out those intentions as they are supposed to.

(In the run-up to VMWorld this week, VMware CEO Pat Gelsinger spoke to IDG Enterprise Editor-in-Chief Eric Knorr about announcements at the conference, the future of the company and his five-year tenure at the helm. This is a summary of some of the highlights of that interview.)

As VMware opens up its user conference this week in Las Vegas, the company’s CEO Pat Gelsinger says it is making significant announcements about cloud integration and security.

The internet of things combined with cloud computing is the platform for innovation that is used by NASA’s Jet Propulsion Laboratory and that should be used by enterprises, but it means setting up the right network infrastructure, JPL’s IT CTO says.

“Number one, build an IoT network that’s separate from the regular network,” says Tom Soderstrom, the JPL IT CTO. “That’s what we did, and we found that it was amazing.”

Microsoft has doubled down on its love for open source by bringing SQL Server 2017 to Linux, and it seems this support can help lighten the load for enterprises that already have in-house Linux expertise but also a need for SQL's functionality.

While it's not available until later this year, an early adopter has found a significant upside to the new support for Linux.

dv01, a software firm that makes a reporting and analytics platform to give financial institutions insight into consumer lending, has jumped the line and is running SQL Server 2017 on Linux rather than Windows for some of its workloads.

https://www.networkworld.com/article/3041351/linux/microsoft-is-bringing-its-crown-jewel-sql-server-to-linux.html
Linux, Server Hardware

What to do about WannaCry if you’re infected or if you’re not
Mon, 15 May 2017 09:46:00 -0700, Tim Greene

Today is likely to be painful for many organizations all over the world that took the weekend off and are returning to the work-week to find hundreds or thousands of computers on their networks encrypted by WannaCry ransomware, which surfaced Friday and has been propagating ever since.

Law enforcement agency Europol estimated yesterday that more than 200,000 computers in 150 countries were infected, but with the worm continuing to spread to vulnerable Windows machines, that number will surely rise.

For those whose machines have not been infected, here’s what you need to do right away:

Apply the Microsoft patch that will thwart the attack. It’s available here.

If you can’t do that because you haven’t tested whether the patch will affect your software build, disable Server Message Block 1 (SMB1) network file sharing. That’s where the flaw it attacks resides.

Consider closing firewall ports 139, 445 or both because these are the ports SMB uses.

Hospitals across England have fallen victim to what appears to be a coordinated ransomware attack that has left affected facilities diverting patients to hospitals not hit by the malware.

The attackers are asking for $300 in Bitcoin to decrypt affected machines, payable within 24 hours or the ransom doubles. If the victims don’t pay within seven days, they lose the option to have the files decrypted, according to U.K. press reports.

While multiple healthcare facilities have been hit, the country’s health service says other types of groups have also fallen victim.

According to The Register, a spokesperson for the country’s National Health Service’s digital division said: “The investigation is at an early stage but we believe the malware variant is Wanna Decryptor.” The spokesperson said the attack was not specifically targeted at the NHS and affects organizations across a range of sectors, but didn’t specify which.

Bot-herding software called Persirai, which incorporates pieces of the Mirai botnet code, can commandeer significant chunks of a known 150,000 IP cameras that are vulnerable to Mirai and use them to fire off distributed denial-of-service attacks.

The Persirai botnet has attacked at least four targets, starting in a predictable pattern, according to researchers at Trend Micro.

Persirai takes advantage of a known vulnerability in the cameras to infect them, has them download malware from a command and control server, and then puts them to work either infecting other vulnerable cameras or launching DDoS attacks. “Based on the researchers’ observation, once the victim’s IP Camera received C&C commands, which occurs every 24 hours at 12:00 p.m. UTC, the DDoS attacks start,” the researchers say.

Check Point is investing heavily in educating IT pros about the cloud, not only to promote their own cloud security products but to give potential customers the skills they’ll need to keep their jobs as their employers move more and more resources to public cloud providers.

“We try to explain how to be relevant in the cloud,” says Itai Greenberg, head of cloud security for Check Point.

A lot of old-school IT security workers need to learn about how cloud infrastructure works, the terminology used, the interconnections between cloud and corporate owned networks and the ins and outs of APIs, among other skills.

Cloud security startup RedLock comes out of stealth mode today with a service that helps defend business resources that reside in public clouds, gives customers visibility into how these resources are being used and stores records of that activity for auditing and forensics.

Because virtual machines, application instances and workloads change rapidly, it’s hard to get a good picture of what’s going on within cloud services such as Amazon Web Services and Microsoft Azure, says RedLock’s CEO Varun Badhwar. “It’s hard to manually monitor and control,” he says.

A new ransomware-for-hire scheme called Fatboy adjusts the ransom it charges based on international exchange rates so it’s more likely the victims get hit for the largest amount they can reasonably pay.

Posted on Exploit, a Russian-language online forum, Fatboy automatically adjusts ransom demands according to where the victim is located, according to the Recorded Future blog.

That adjustment is based on the Big Mac Index, which was created by The Economist as a way to show whether official international monetary exchange rates line up with the price charged for a certain product – the Big Mac burger sold by McDonald’s – from country to country. The index tells whether currencies are overvalued or undervalued based on what McDonald’s charges in each country.

https://www.networkworld.com/article/3194880/security/fatboy-ransomware-adjusts-demands-based-on-local-price-of-a-big-mac.html
Security, Cyber Crime

It’s World Password Day but passwords may be headed for extinction
Thu, 04 May 2017 03:28:00 -0700, Tim Greene

Today is World Password Day but a range of alternative authentication methods is challenging passwords so that within the foreseeable future the day of awareness could become obsolete.

Biometrics and cell phones are important to this replacement, with ongoing trials of how effective they might be. There is a flurry of activity in these areas to do away with passwords:

The Samsung Galaxy S8 phone has an upgraded retinal scanner that can be used to unlock the phone but could also be used as a second factor in authenticating to any number of online services. The phones also feature the more common fingerprint scanner.

Rumors have LG adding facial recognition software to their LG G6 phones that could be used in a similar manner.

Also, Alabama’s revenue department is trialing a face-recognition app from MorphoTrust that uses iPhones to scan taxpayers’ driver’s licenses and to scan their faces. The backend verifies the identity of the taxpayer by comparing the license image and uses that to authenticate the person filing an electronic return.

Phones are also used to receive texts of one-time passwords, which does involve a password, but not one the user generates or changes at some point or has to remember for more than a second or two.

Microsoft’s Hello enables Windows 10 users to log in via facial recognition that employs an infrared camera and by scanning fingerprints. A patent application from the company indicates it’s looking at pairing a touchscreen stylus with gestures made on the screen to authenticate.

Microsoft is putting a new spin on this with its Microsoft Authenticator service. Users try to log in to their Microsoft accounts and receive texts on their phones asking whether it’s really them trying to access the account. They tap the “approve” button and are authenticated without a password. It’s only good for logging into Microsoft accounts.

The U.S. military, which continues its interest in bug bounty programs as a way to improve cybersecurity, is launching a new contest next month.

Called “Hack the Air Force,” the new program will put certain of the branch’s Web sites up as targets for a set of international hackers who have been vetted by HackerOne, which is running the program.

The Hajime botnet is nearly 300,000 strong, making it a latent threat nearly as powerful as the notorious Mirai botnet that devastated high-profile websites last fall, leading some to think the internet had been broken.

Researchers at Kaspersky Lab lured devices infected with the Hajime worm to announce themselves to a Kaspersky honeypot, checked out whether they were actually infected and added them up. They came up with the number 297,499, says Igor Soumenkov, principal researcher at Kaspersky Lab.

An earlier estimate by Symantec put the size at tens of thousands. Estimates of the number of infected devices in Mirai botnets have put it at about 400,000, but the number of devices that might be infected with the Hajime worm is 1.5 million, says Dale Drew, the CSO of Level 3, which has been building a profile of behavioral classifiers to identify it so it can be blocked.

The Travelers insurance company has teamed up with Symantec to give policyholders cyber security assessments and consultation in order to help them manage risks.

The self-assessment consists of filling out a 25-question survey and getting a written report of how well their network and data protection stacks up. If they want to, they can talk to a consultant who walks them through the results and recommends steps they could take to remediate risks.